package com.nhjf.mobile.common.filter;

import java.io.IOException;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.jsoup.Jsoup;

import com.nhjf.common.util.xss.JsoupXssHtml;
import com.nhjf.mobile.common.util.SysProperties;
import com.nhjf.mobile.common.util.Validator;


public class SensitiveCharsFilter implements Filter{

	@Override
	public void destroy() {
		// TODO Auto-generated method stub
		
		
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		HttpServletRequest hreq = (HttpServletRequest) request;
		HttpServletResponse hres = (HttpServletResponse) response;
		hreq.setCharacterEncoding("UTF-8");
		
		
		
	      
		hres.setHeader("Access-Control-Allow-Origin", "*");
		hres.setHeader("Access-Control-Allow-Methods", "POST, GET");
		hres.setHeader("Access-Control-Max-Age", "3600");
		hres.setHeader("Access-Control-Allow-Headers", "x-requested-with");

		boolean ok = true;
		boolean csair = false;
//		hres.setHeader("SET-COOKIE", "JSESSIONID=" + hreq.getSession().getId() + "; Path=" + hreq.getContextPath() + "; HttpOnly");
		
//		Enumeration<String> e = hreq.getParameterNames();

//		while (e.hasMoreElements()) {
//			String name = (String) e.nextElement();
//			if (!Validator.isSafe(request.getParameter(name))) {
//				ok = false;
//				break;
//			}
//		}
		

//		String referer = hreq.getHeader("REFERER");
//		System.out.println("referer:" + referer);
		
		String method = hreq.getMethod();
		
			csair = true;
		
//			if ( csair) {
////				chain.doFilter(new MyRequestWrapper((HttpServletRequest) request),
////						response);
//				chain.doFilter(new HttpServletRequestWrapper(hreq) {
//					@Override
//					public String getParameter(String name) {
//						String value = super.getParameter(name);
////						return filter(this, value);0
////						return Validator.filter(value);
//						//针对富文本里面以及所有string里面的非白名单的脚本一律清理Jsoup.clean
//						//还原尖括号，然后交给jsoup进行白名单过滤
//						if (StringUtils.isNotBlank(value)) {
//							value = value.replaceAll("&lt;", "<");
//							value = value.replaceAll("&gt;", ">");
//							value = Jsoup.clean(value, JsoupXssHtml.user_content_filter);
//						}
//						return value;
//					}
//					@Override
//					public String[] getParameterValues(String name) {
//						String[] values = super.getParameterValues(name);
//						if (values == null) {
//							return null;
//						}
//						for (int i = 0; i < values.length; i++) {
////							values[i] = Validator.filter(values[i]);
//							//针对富文本里面以及所有string里面的非白名单的脚本一律清理Jsoup.clean
//							//还原尖括号，然后交给jsoup进行白名单过滤
//							if (StringUtils.isNotBlank(values[i])) {
//								values[i] = values[i].replaceAll("&lt;", "<");
//								values[i] = values[i].replaceAll("&gt;", ">");
//								values[i] = Jsoup.clean(values[i], JsoupXssHtml.user_content_filter);
//							}
//
//						}
//						return values;
//					}
//				}, response);
//			} else {
//				hres.sendRedirect(SysProperties.getInstance().get("contextPath")+"/login");
////				hres.sendRedirect("http://czshop.csair.com");
//			}
			if (ok & csair) {
//				chain.doFilter(new MyRequestWrapper((HttpServletRequest) request),
//						response);
				chain.doFilter(new HttpServletRequestWrapper(hreq) {
					@Override
					public String getParameter(String name) {
						String value = super.getParameter(name);
//						return filter(this, value);
						return Validator.filter(value);
					}
					@Override
					public String[] getParameterValues(String name) {
						String[] values = super.getParameterValues(name);
						if (values == null) {
							return null;
						}
						for (int i = 0; i < values.length; i++) {
//							values[i] = filter(this, values[i]);
							values[i] = Validator.filter(values[i]);
						}
						return values;
					}
				}, response);
			} else {
				
				System.out.println("不执行");  
				hres.sendRedirect(SysProperties.getInstance().get("contextPath") +"/home/err"); 
//				hres.sendRedirect("http://czshop.csair.com");
			}
	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
		
	}

}
